tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
42718 commits 1 branch 0 tags 50 MiB
Commit graph

42718 commits

This branch
This branch
All branches
Author SHA1 Message Date
Charles Chen
5eb2d8b0df Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a am: badbeec6ac 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ie5d474cceaac9833f53194b17636147cdc6eb75e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:49:53 +00:00
Charles Chen
5eba5e62a3 Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 am: d57f6bc6ae 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I997bf77614cf78e61f89925857a60bb8a9a907fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:48:55 +00:00
Charles Chen
badbeec6ac Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde am: 82c81a216a 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: I4352aa3bec7b6e48b61caa751a15d7ead1a98210
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:06:15 +00:00
Charles Chen
d57f6bc6ae Merge "Move isolated_compute_app to be public" am: 290d1876ff am: 48a0bcd865 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I3db506238449d86892b769fb137364aa76c52ca8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 18:05:24 +00:00
Charles Chen
82c81a216a Fix attribute plurals for isolated_compute_allowed am: 27a8f43fde 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2552770

Change-Id: Ibdcc12fe4cf92d4ba9f7ed25b7142eaab88ad8c8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:47:35 +00:00
Charles Chen
48a0bcd865 Merge "Move isolated_compute_app to be public" am: 290d1876ff 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2544610

Change-Id: I9093ea1878a6dbb6af85fb69a3547303dfd08784
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:25:33 +00:00
Eric Rahm
3c9b657e1d Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 am: 051fd4658e 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: I3bc5e7644efdaf99291b2efa61de9740b3f8a7e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:23:14 +00:00
Eric Rahm
be8a31739a Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 am: 1f2c6ef5e7 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: Id4297a235f5803ab4d8efafa2b2a632d29a2494c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 17:23:10 +00:00
Charles Chen
27a8f43fde Fix attribute plurals for isolated_compute_allowed 
Following the naming convention.

Bug: N/A
Test: m
Change-Id: Ie26d67423f9ee484ea91038143ba763ed8f97e2f
 2023-04-20 16:39:39 +00:00
Charles Chen
290d1876ff Merge "Move isolated_compute_app to be public" 2023-04-20 16:31:52 +00:00
Eric Rahm
051fd4658e Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee am: 7e4c7b47a2 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: Ib7a6476be234490f7d4053f6d2d423b5578744e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 16:28:52 +00:00
Eric Rahm
1f2c6ef5e7 Fix denial for ioctl FS Verity am: af6035c64f am: 4606eaa950 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: I8a8ae8b48342843cd643abbb499b03b399c03cbd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 16:28:45 +00:00
Eric Rahm
7e4c7b47a2 Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" am: 66ef8f01ee 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549731

Change-Id: I1e806c6f293c964bf949b0cd4d14ee70eea0201b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:50:42 +00:00
Eric Rahm
4606eaa950 Fix denial for ioctl FS Verity am: af6035c64f 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2549730

Change-Id: I59e5261f9a2fea9d855756e7bb255b683868b3a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:50:40 +00:00
Alexander Roederer
5c9320232a Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc am: f5324ae425 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I7f3e24a17423eb7a29e4a8bb17e14e06ca27ec4e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 15:27:08 +00:00
Eric Rahm
66ef8f01ee Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734" 
* changes:
  Allow system_server to verify installed apps
  Fix denial for ioctl FS Verity
 2023-04-20 15:06:22 +00:00
Alexander Roederer
f5324ae425 Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce am: 06ad0c13cc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I2c53a5567cf76028273a970ede2068ef46224a30
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 14:45:21 +00:00
Alexander Roederer
06ad0c13cc Merge "Add persist.sysui.notification.builder_extras_ovrd" am: e46266d2ce 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538550

Change-Id: I71d79af77e6a3f98713b6d31b89839e9b6b25a13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 14:04:23 +00:00
Alexander Roederer
e46266d2ce Merge "Add persist.sysui.notification.builder_extras_ovrd" 2023-04-20 13:22:24 +00:00
Charles Chen
c8ab3593d0 Move isolated_compute_app to be public 
This will allow vendor customization of isolated_compute_app. New permissions added should be associated with isolated_compute_allowed.

Bug: 274535894
Test: m
Change-Id: I4239228b80544e6f5ca1dd68ae1f44c0176d1bce
 2023-04-20 05:39:29 +00:00
Eric Rahm
588d537f0b Allow system_server to verify installed apps 
This commit allows system_server to call FS_IOC_SETFLAGS ioctl

Bug: 259756715
Fixes: 272527416
Test: Flash and pair watch, verify denial logs after apps are updated.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8d15734fb52ce08461fd4259ddfd22e889cf9061)
Merged-In: I7a99d3bb7deb3683b342795cb1bbef7abbbcbe38

Change-Id: I7a99d3bb7deb3683b342795cb1bbef7abbbcbe38
 2023-04-20 03:05:01 +00:00
Treehugger Robot
258cb0d2f9 Merge "Allow remote_provisioning to query IRPC" am: 81d607c686 am: 2cc28f0d55 am: 91595e7470 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538191

Change-Id: Iee1c820b11cf7a6a75d40d9def31c5faed1c197a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-20 00:11:16 +00:00
Eric Rahm
af6035c64f Fix denial for ioctl FS Verity 
For unknown reason, denial still happens with system app after applying
ag/20712480. This commit adds a work around to fix this.

Bug: 258093107
Fixes: 272530397

Test: flash build, pair watch with phone, check SE denials log
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0ade3b2183d850fd508569782e35a59ef2bd4dce)
Merged-In: I16932c793c5ca144746d0903ed1826c1847d2add

Change-Id: I16932c793c5ca144746d0903ed1826c1847d2add
 2023-04-20 00:02:07 +00:00
Treehugger Robot
91595e7470 Merge "Allow remote_provisioning to query IRPC" am: 81d607c686 am: 2cc28f0d55 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538191

Change-Id: Id89b6fc39bf6a9c05f8ef35215d7bd40319f04c1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-19 23:26:31 +00:00
Treehugger Robot
2cc28f0d55 Merge "Allow remote_provisioning to query IRPC" am: 81d607c686 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2538191

Change-Id: I1e72c9af0f4410f6760eec5a84b8f3ffdefe62a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-19 22:47:02 +00:00
Treehugger Robot
81d607c686 Merge "Allow remote_provisioning to query IRPC" 2023-04-19 22:17:55 +00:00
Andrew Scull
0977919ac4 Allow remote_provisioning to query IRPC 
Enable remote_provisioning diagnostic reporting from dumpsys and adb
shell by allowing the service, which is hosted in system_server, to call
KeyMint's IRPC HAL implementation.

Test: adb shell dumpsys remote_provisioning
Test: adb shell cmd remote_provisioning
Bug: 265747549
Change-Id: Ica9eadd6019b577990ec3493a2b08e25f851f465
 2023-04-19 20:55:37 +00:00
Alexander Roederer
2b05965492 Add persist.sysui.notification.builder_extras_ovrd 
Adds persist.sysui.notification.builder_extras_override property
associated permissions, which will be used to flag guard
a change in core/...Notification.java.

Original change I3f7e2220798d22c90f4326570732a52b0deeb54d didn't
cover zygote, which are needed for preloaded classes

Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: Ifad9e7c010554aa6a1e1822d5885016058c801c9
 2023-04-19 18:29:04 +00:00
Treehugger Robot
68e237aa8c Merge changes from topic "b268128589" am: d073bd4209 am: cf5963c6a8 am: cfe9c14ada 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529324

Change-Id: I149c1a56de8f4bd11738832cc18d19aca41c4b6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-18 23:43:59 +00:00
Treehugger Robot
cfe9c14ada Merge changes from topic "b268128589" am: d073bd4209 am: cf5963c6a8 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529324

Change-Id: I34f3ffebf02c4fd626ba868bcb619c68acaef347
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-18 23:06:17 +00:00
Treehugger Robot
cf5963c6a8 Merge changes from topic "b268128589" am: d073bd4209 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529324

Change-Id: Ibbaa922397d38ea8aea1b8bf77bf6a6a7f3774b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-18 22:18:50 +00:00
Treehugger Robot
d073bd4209 Merge changes from topic "b268128589" 
* changes:
  Revert "Modify the automotive display service file context"
  Revert "Move cardisplayproxyd to system_ext"
 2023-04-18 21:44:44 +00:00
Yuxin Hu
c8fa8026a5 Merge "Allow gpuservice to query permission" am: aff0f53398 am: ea1a7a71a0 am: 4b4448f2cd 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2539770

Change-Id: I9e4237ce3795e1897a60b7ef98657ed53d0d6fb6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 18:30:25 +00:00
Yuxin Hu
4b4448f2cd Merge "Allow gpuservice to query permission" am: aff0f53398 am: ea1a7a71a0 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2539770

Change-Id: I784b9045e7d315c9656ffc662c64f98e6d001ad6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 17:58:22 +00:00
Yuxin Hu
ea1a7a71a0 Merge "Allow gpuservice to query permission" am: aff0f53398 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2539770

Change-Id: I1ae98b136f0840822d45d33088ff56a705c756ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 17:28:35 +00:00
Yuxin Hu
aff0f53398 Merge "Allow gpuservice to query permission" 2023-04-17 16:56:53 +00:00
Treehugger Robot
6be0665e82 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" am: 6e5f8d5150 am: d94b48bcef am: 87a23ae361 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519757

Change-Id: Ia910ef23f94402407862160fe33bd747078a2e35
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 05:28:27 +00:00
Treehugger Robot
87a23ae361 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" am: 6e5f8d5150 am: d94b48bcef 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519757

Change-Id: I7707436369a47470bffe0d353b15d935bbc4b78b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 04:58:08 +00:00
Treehugger Robot
d94b48bcef Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" am: 6e5f8d5150 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2519757

Change-Id: I9582976d582bfefc32a34208082d75a656c873b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-17 04:28:40 +00:00
Yuxin Hu
fce99d90c7 Allow gpuservice to query permission 
Bug: b/270994705
Test: Flash, verify Pixel 7 can boot.
Change-Id: I11e61034a8b4404aa998af2b9a04e08af9095fec
 2023-04-17 04:12:43 +00:00
Treehugger Robot
6e5f8d5150 Merge "Allow virtualizationmanager to open test artifacts in shell_data_file" 2023-04-17 04:00:16 +00:00
Yuxin Hu
81deebacc3 Merge "Add a new system property persist.graphics.egl" am: b011ba5ffb am: 2ec8d6d9f6 am: e20f4369dc 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529329

Change-Id: I34e98b75cb34610474303349e8a9eff337440044
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 21:16:14 +00:00
Yuxin Hu
e20f4369dc Merge "Add a new system property persist.graphics.egl" am: b011ba5ffb am: 2ec8d6d9f6 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529329

Change-Id: Ibdfe943e45f12e2f790f4f0a5b97331a00607521
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 20:43:24 +00:00
Yuxin Hu
2ec8d6d9f6 Merge "Add a new system property persist.graphics.egl" am: b011ba5ffb 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2529329

Change-Id: Idde1377bf03759d3a47dc32a9ba3a646e956c2bd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-13 20:13:39 +00:00
Yuxin Hu
b011ba5ffb Merge "Add a new system property persist.graphics.egl" 2023-04-13 18:49:26 +00:00
Yuxin Hu
889dd078e9 Add a new system property persist.graphics.egl 
This new system property will be read and written
by a new developer option switch, through gpuservice.

Based on the value stored in persis.graphics.egl,
we will load different GLES driver.

e.g.
persist.graphics.egl == $ro.hardware.egl: load native GLES driver
persist.graphics.egl == angle: load angle as GLES driver

Bug: b/270994705
Test: m; flash and check Pixel 7 boots fine
Change-Id: Idec4b947d0c69c52cd798df4f834053bd306cf5f
 2023-04-13 04:38:46 +00:00
Treehugger Robot
4ec7f16534 Merge "Skip TQ2A.230405.003" am: a5d4554522 am: 40c8242b36 am: 9f56c1d212 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530585

Change-Id: Ib524083f198c69ac83a7a0530c4331e6e40b1e6a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 20:57:12 +00:00
Treehugger Robot
9f56c1d212 Merge "Skip TQ2A.230405.003" am: a5d4554522 am: 40c8242b36 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530585

Change-Id: I89951a9211c6e66d188a2b1fa9576185fbcdc822
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 20:23:04 +00:00
Treehugger Robot
40c8242b36 Merge "Skip TQ2A.230405.003" am: a5d4554522 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2530585

Change-Id: I29da7f44247e961429813fed56cff1d094c44d94
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-12 19:00:59 +00:00
Treehugger Robot
a5d4554522 Merge "Skip TQ2A.230405.003" 2023-04-12 17:22:26 +00:00